longbridge

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a dedicated trading CLI using the longport/longbridge SDK with explicit, specific capabilities to place and cancel market/limit orders (commands shown: place, cancel), view account/positions, and requires trading credentials (App Key / App Secret / Access Token). It explicitly supports live order placement (with --confirm-live) and operates on real markets (US, HK, A-share). These are direct market-order and account-managing functions (i.e., moving assets/funds), so this is Direct Financial Execution.

Issues (1)

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 18, 2026, 09:26 PM
Issues: 1